Why Google needs to fix Android’s image problem

“But that’s the way we’ve always done it” never really works as an excuse for an unforeseen problem. The reasoning behind Android’s ability to let app developers access personal smartphone photos without permission is understandable, but it actually goes against a core Android design principle.

We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on an SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images.

As many have noted, this is sort of how computers have worked for a long time. If an application prompted you every time it needed to access a file, you’d do nothing but approve prompts, as MG Siegler pointed out in a post dismissing the concerns articulated by the Times as similar to those of people who never leave the house because they’re scared of getting robbed.

But the example the Times used to test this out involved a timer app that uploaded photos from the phone when the user started the timer. It’s not unreasonable to suggest that an app designed for the most personal computing device we’ve ever created should have to ask your permission before being allowed to do something completely unrelated to its core function.

In other instances, Google agrees: just look at its response to the Path/iOS address book snafu. When you install an app on a mobile operating system that has been touted by its creators as more secure than the competition because it requires developers to ask your permission to do absolutely anything, and that app then does something it never asked your permission to do, you have a right to be annoyed.

Google won’t even let an Android application access the Internet unless the app developer tells Android that the app intends to access the Internet. Applications have to declare their intention to “write to the SD card,” as Facebook’s Android application does before it is downloaded. But they apparently don’t have to declare their intention to “read from/access the SD card,” which Facebook is obviously allowed to do so its users can upload photos.

The company needs to find a way to require app developers to list something like “access to photo library” alongside the other permissions it already requires them to declare, before their app is allowed to read and upload photos. That doesn’t mean the app has to ask your permission every time it wants to access a photo: it just needs to tell Android that it reserves the right to do so once installed, and allow potential users to see that intention before they install the app.
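As an added illustration (not code from the article or from Android itself), the following toy model shows the gap described above: Android checks each declared manifest permission against what the app does at runtime, but in the 2012 model no permission gated reading the SD card, so a timer app could read photos without the user ever seeing it in the install-time list. The manifests and the permission name `READ_PHOTO_LIBRARY` are constructed for the example; the real `INTERNET` and `WRITE_EXTERNAL_STORAGE` names are the ones the article mentions.

```python
"""Toy model of the 2012-era Android install-time permission gate (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifests: a photo-uploading social app and a simple timer app.
SOCIAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""
TIMER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Which runtime operation is gated by which declared permission.
# Reading the SD card (and therefore photos) had no gate at the time.
GATES_2012 = {
    "network": "android.permission.INTERNET",
    "write_sdcard": "android.permission.WRITE_EXTERNAL_STORAGE",
    "read_photos": None,  # ungated: any installed app may read
}
# The article's proposal, modelled with a hypothetical permission name.
GATES_PROPOSED = dict(GATES_2012, read_photos="android.permission.READ_PHOTO_LIBRARY")


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission> names declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def audit(manifest_xml, operations, gates):
    """Classify each runtime operation as 'declared' (the user saw the
    permission before install), 'ungated' (no permission exists, so the
    behaviour is invisible at install time), or 'undeclared' (a permission
    exists but was not requested, so Android would deny the operation)."""
    perms = declared_permissions(manifest_xml)
    result = {}
    for op in operations:
        gate = gates[op]
        if gate is None:
            result[op] = "ungated"
        elif gate in perms:
            result[op] = "declared"
        else:
            result[op] = "undeclared"
    return result


if __name__ == "__main__":
    timer_ops = ["read_photos", "network"]  # behaviour of the timer app in the Times' test
    print("2012 model:", audit(TIMER_MANIFEST, timer_ops, GATES_2012))
    print("proposed  :", audit(TIMER_MANIFEST, timer_ops, GATES_PROPOSED))
```

Under the 2012 gates the timer app's photo read is reported as ungated while its upload is covered by INTERNET; with the proposed gate the same app shows an undeclared photo-library access, which is exactly what a user scanning the install-time list would want to see.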

Assuming you read that list of permissions before you download Android apps, you might wonder why a timer app needs to access your photo library. And if that bothers you, you might go off and find one that doesn’t feel the need to make a copy of your photos.

Mobile computing isn’t going to turn into a nanny state if Google requires Android app developers to be honest about their intentions, a policy that it applies to just about every other piece of personal information on an Android phone except photos. The only people who lose in that situation are those who would exploit your photos for their own benefit.

I could not agree more, Tom. It would be much better for everyone if developers and OS providers policed themselves in regards to privacy. I just don’t think it will happen. There is too much money to be made by scraping users’ personal information. I wrote a post on how the FTC with its new report is a precursor to regulation. Let me know what you think of it. http://blog.famigo.com/2012/02/the-ftc-app-developers-and-children/

It’s more about the notion that Google requires app makers to declare their intent to do a lot of things (what app doesn’t want to access the Internet?), but doesn’t require them to do this. It’s an oversight they should correct to be consistent.

I also think the situation is different in the mobile era because apps are so disposable: people download and install apps without thinking about it quite as much because it’s so quick and easy to do so. That’s why Apple promises to review apps before they can be distributed, and why Google makes an app ask Android for permission before allowing that app to do anything.

So, if I want to get copies of your photos, I write a timer app which has user-changeable wallpaper. Then I can request access to your photos. I can put several different chime tones on-line for users to choose (to reduce download size), so I need internet access. Then I do something totally different than what the user expects.

Change the rules all you want, but it is almost impossible to prevent creeps from being creepy.

It’s important to recognize this business of rogue apps uploading your photos for nefarious purposes is all hypothetical. Unlike the iOS Path address book fiasco, there aren’t any examples of any programs stealing your photos, nor has anyone articulated any reason why they would.

Google should certainly add a permission for reading SD card data or more specifically photos.

Apple’s situation is different, because it has the opportunity to review apps before users install them as well as the ability to ban apps from the App Store that it can detect are accessing photos improperly. Anyone can upload a piece of malware into the Android Market that can masquerade as a legit app but steal photos, although Google might be able to detect such issues with its new Bouncer feature.